using System;
using System.Collections;
using System.Text;
using System.Security.Principal;
using System.Collections.Generic;

namespace NBusiness.Data
{
    [Serializable]
    public class AccessRuleCollection : CollectionBase, IList<AccessRule>
    {
        public void Add(AccessRule item)
        {
            List.Add(item);
        }

        #region Check Access Rules 
        public bool CanGetField(Type entityType, string field, IPrincipal principal)
        {
            return CheckAccess(entityType, field, AccessRuleType.Get, principal);
        }

        public bool CanSetField(Type entityType, string field, IPrincipal principal)
        {
            return CheckAccess(entityType, field, AccessRuleType.Set, principal);
        }

        private bool CheckAccess(Type entityType, string field, AccessRuleType ruleType, IPrincipal principal)
        {
            //default is false, but a developer can override the default if they don't
            //want to use the built in access features.
            bool ok = (bool)Settings.Instance.GetSetting(SettingsType.AccessDefault, entityType);

            foreach (AccessRule rule in this.List)
            {
                if (rule.EntityType.Equals(entityType) && rule.Type.Equals(ruleType) && rule.Field == field)
                {
                    //Applies to all users
                    if (rule.Role == "*")
                    {
                        ok = rule.Allow;
                    }
                    //If user is authenticated at least but in any role
                    else if (rule.Role == "?")
                    {
                        ok = rule.Allow & principal.Identity.IsAuthenticated;
                    }
                    else if (principal.IsInRole(rule.Role))
                    {
                        //If explicitly unauthorized, you may not perform this action
                        if (!rule.Allow) return false;

                        //if specifically authorized, you may perform this action
                        //unless another rule has you as unauthorized.
                        else ok = true;
                    }
                }
            }

            return ok;
        } 
        #endregion

        #region IList<AccessRule> Members

        public int IndexOf(AccessRule item)
        {
            return List.IndexOf(item);
        }

        public void Insert(int index, AccessRule item)
        {
            List.Insert(index, item);
        }

        public AccessRule this[int index]
        {
            get
            {
                return (AccessRule)List[index];
            }
            set
            {
                List[index] = value;
            }
        }

        #endregion

        #region ICollection<AccessRule> Members


        public bool Contains(AccessRule item)
        {
            return List.Contains(item);
        }

        public void CopyTo(AccessRule[] array, int arrayIndex)
        {
            List.CopyTo(array, arrayIndex);
        }

        public bool IsReadOnly
        {
            get { return false; }
        }

        public bool Remove(AccessRule item)
        {
            bool removed = false;
            if (List.Contains(item))
            {
                removed = true;
                List.Remove(item);
            }
            return removed;
        }

        #endregion

        #region IEnumerable<AccessRule> Members

        public new IEnumerator<AccessRule> GetEnumerator()
        {
            foreach (AccessRule rule in List)
            {
                yield return rule;
            }
        }

        #endregion
    }
}
